Memory leak in Linux kernel can usb driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47231 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU89946
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47231
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mcba_usb_start() and mcba_usb_open() functions in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3http://git.kernel.org/stable/c/89df95ce32be204eef2e7d4b2f6fb552fb191a68
http://git.kernel.org/stable/c/a115198caaab6d663bef75823a3c5f0802306d60
http://git.kernel.org/stable/c/6f87c0e21ad20dd3d22108e33db1c552dfa352a0
http://git.kernel.org/stable/c/6bd3d80d1f019cefa7011056c54b323f1d8b8e83
http://git.kernel.org/stable/c/d0760a4ef85697bc756d06eae17ae27f3f055401
http://git.kernel.org/stable/c/91c02557174be7f72e46ed7311e3bea1939840b0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
